diff options
| author | Xavier Priour <xavier.priour@bubblyware.com> | 2015-12-13 20:02:34 +0100 |
|---|---|---|
| committer | Xavier Priour <xavier.priour@bubblyware.com> | 2015-12-13 20:02:34 +0100 |
| commit | 18697d45f652a119ba21b0cef42fbf732902bfa9 (patch) | |
| tree | 2ca8bc680acb8c148478660158a2f82ae4f61e7d /models/export.js | |
| parent | 7cfc72da995a247b77d24dca215e59af2f5ed5f0 (diff) | |
| download | wekan-18697d45f652a119ba21b0cef42fbf732902bfa9.tar.gz wekan-18697d45f652a119ba21b0cef42fbf732902bfa9.tar.bz2 wekan-18697d45f652a119ba21b0cef42fbf732902bfa9.zip | |
board export now checks authentication
Diffstat (limited to 'models/export.js')
| -rw-r--r-- | models/export.js | 26 |
1 files changed, 8 insertions, 18 deletions
diff --git a/models/export.js b/models/export.js index 7be97986..20b1186a 100644 --- a/models/export.js +++ b/models/export.js @@ -1,25 +1,15 @@ -/* global JsonRoutes */ -if(Meteor.isServer) { - console.log(`userId is ${this.userId}`); - JsonRoutes.add('get', '/api/b/:id', function (req, res) { - const id = req.params.id; - const board = Boards.findOne(id); - //if(Meteor.userId() && allowIsBoardMember(Meteor.userId(), board)) { - const exporter = new Exporter(id); - JsonRoutes.sendResult(res, 200, exporter.build()); - //} else { - // // 403 = forbidden - // JsonRoutes.sendError(res, 403); - //} - }); -} + Meteor.methods({ exportBoard(boardId) { + check(boardId, String); const board = Boards.findOne(boardId); -// //if(Meteor.userId() && allowIsBoardMember(Meteor.userId(), board)) { - const exporter = new Exporter(boardId); - return exporter.build(); + if(board.isVisibleByUser()) { + const exporter = new Exporter(boardId); + return exporter.build(); + } else { + throw new Meteor.Error('error-board-notAMember'); + } } }); |